IPv6 – The Next Generation of Internet Protocols Presentation by Jon Evans for Uniforum Chicago on November 30, 2010
MANDATE Federal CIO Vivek Kundra has issued a directive requiring all U.S. government agencies to upgrade their public-facing Web sites and services by Sept. 30, 2012 to support IPv6… Network World, Sept. 28, 2010
CHINA Used it for the 2008 Olympic Games in their Network Infrastructure. CNGI – China Next Generation Internet
IPv4 I. Origins Deployed on January 1, 1983 II. Description A. 32-bit address written as four 8-bit numbers (octets). Largest 8-bit number is 255. Can identify 2^32 addresses. B. Based on binary. Only two values, 0 and 1. C. Represented in dotted-decimal notation. D. All IP addresses are composed of a Network ID and a Host ID III. Classes A - 0.0.0.0 to 127.255.255.255 B - 128.0.0.0 to 191.255.255.255 C - 192.0.0.0 to 223.255.255.255 D - 224.0.0.0 to 239.255.255.255 (Multicast) E - 240.0.0.0 to 255.255.255.255 (Reserved)
Types of IPv4 IV. Private addresses A. Reserved by the IANA, defined in RFC 1918 B. Not routed on the public Internet C. Class A: 10.0.0.0 to 10.255.255.255 (10.0.0.0/8) D. Class B: 172.16.0.0 to 172.31.255.255 (172.16.0.0/12) E. Class C: 192.168.0.0 to 192.168.255.255 (192.168.0.0/16) V. APIPA (Automatic Private IP Addressing) A. Fallback used by Windows hosts when no DHCP server answers (the IPv4 link-local range, RFC 3927) B. Range 169.254.0.1 to 169.254.255.254 VI. CIDR (Classless Inter-Domain Routing) A. Introduced in 1993 (RFC 1519) because class-based allocation was depleting the address space. B. Variable Length Subnet Mask (VLSM) lets a block be split at any bit boundary rather than on class boundaries, so address space is allocated with far less waste. C. Written in standard 4-part dotted decimal followed by /N (0 to 32), the number of network-prefix bits. Example: 212.43.43.33/27 is a host in the network 212.43.43.32/27 (mask 255.255.255.224, 30 usable host addresses).
IPv4 VII. Special types (this list follows RFC 3330; several of the "reserved but subject to allocation" blocks had already been handed out as ordinary unicast space when RFC 5735 replaced it in January 2010) A. 0.0.0.0/8 - Current ("this") network B. 14.0.0.0/8 - Public-Data Networks C. 24.0.0.0/8 - Cable Television Networks D. 39.0.0.0/8 - Reserved but subject to allocation E. 127.0.0.0/8 - Loopback F. 128.0.0.0/16 - Reserved but subject to allocation G. 191.255.0.0/16 - Reserved but subject to allocation H. 192.0.0.0/24 - Reserved (IANA) I. 192.0.2.0/24 - TEST-NET-1 (documentation)
IPv4 VII. Special types J. 192.88.99.0/24 - 6to4 relay anycast (RFC 3068; lets 6to4 sites exchange traffic with native IPv6 through the nearest relay) K. 198.18.0.0/15 - Network benchmark tests L. 198.51.100.0/24 - TEST-NET-2 M. 203.0.113.0/24 - TEST-NET-3 N. 223.255.255.0/24 - Reserved but subject to allocation O. 224.0.0.0/4 - Multicast P. 240.0.0.0/4 – Reserved Q. 255.255.255.255 - Limited broadcast
IPv5 I. Version number 5 was used by the experimental Internet Stream Protocol, a connection-oriented protocol for real-time traffic, not by a successor to IPv4 II. Known as ST, then ST2 III. RFC 1819 (ST2+)
IPv6 I. Origins A. RFC 2460, December 1998 B. Once known as IP Next Generation (IPng) II. Basic concepts A. Larger address space B. Better routing (hierarchical prefixes, smaller routing tables) C. Easier host configuration (stateless autoconfiguration) D. IPsec (AH/ESP) specified as an integral part of the protocol; nodes were required to implement it, though nothing requires traffic to use it E. More efficient priority delivery (Traffic Class and Flow Label) F. Headers redesigned for better processing and extensibility III. Description A. 128-bit address written as eight 16-bit fields separated by colons. Can identify 2^128 addresses. B. Based on binary. Only two values, 0 and 1. C. Represented in hexadecimal notation; leading zeros within a field may be dropped D. One run of consecutive all-zero fields may be replaced by :: (only once per address) E. The network portion is given by a slash at the end followed by the number of prefix bits, e.g. /64. Examples 3ffe:1900:4545:3:200:f8ff:fe21:67cf fe80::884:e09:d546:aa5b
IPv6 ADDRESS CATEGORIES I. Unicast A. Ways to get the interface ID 1. All unicast addresses except those beginning with binary 000 must use a 64-bit Interface ID in modified EUI-64 format (RFC 4291). 2. Interface ID can be randomly generated for anonymity (privacy extensions, RFC 4941). 3. Assigned by a DHCPv6 server (stateful addressing). 4. Manually configured. B. Types 1. Link-Local 2. Unique-Local 3. Global II. Multicast III. Anycast IV. Special
Types of IPv6 addresses I. Unicast A. Link-local address (counterpart of the APIPA address in IPv4) 1. Not routed; valid only on its link 2. Formed by stateless autoconfiguration on every interface, whether or not DHCP is available; Neighbor Discovery runs over it 3. Starts with fe80:: (fe80::/10 is reserved, fe80::/64 is what is used in practice) 4. Contains a. 10 bits: 1111111010 b. 54 bits: 0 c. 64 bits: Interface ID
Types of IPv6 addresses I. Unicast B. Unique-local (counterpart of a private address in IPv4) 1. Replaces the site-local addresses (fec0::/10), which RFC 3879 deprecated 2. RFC 4193 3. Also called unique local unicast address or local IPv6 address. 4. Not routed on the global Internet; routable inside a site and between cooperating sites 5. Used within a site 6. Begins with fc or fd (fc00::/7); because the L bit is 1 for locally assigned prefixes, addresses in use start with fd 7. Contains a. 7 bits: 1111110 (prefix) b. 1 bit (L): set to 1 if the prefix is assigned locally; 0 is reserved for future definition c. 40 bits: Global ID, generated pseudo-randomly so that two sites' prefixes are unlikely to collide when the sites merge d. 16 bits: Subnet ID e. 64 bits: Interface ID
Types of IPv6 addresses C. Global Unicast address (counterpart of a public address in IPv4) 1. Binary prefixes 001 (2000::/3) through 111 are global unicast space, multicast (ff00::/8) excepted; all allocations so far come from 2000::/3 2. Contains a. 48 bits: Global routing prefix b. 16 bits: Subnet ID c. 64 bits: Interface ID (typically derived from the MAC address via modified EUI-64, or randomly generated) II. Multicast address A. Contains 1. 8 bits: Prefix (ff) 2. 4 bits: Flag bits 3. 4 bits: Scope 4. 112 bits: Group ID. In the unicast-prefix-based format (RFC 3306) the Group ID is subdivided into 8 bits reserved, 8 bits Plen (length of the prefix in the next field), 64 bits Network Prefix and 32 bits Group ID
Types of IPv6 addresses B. Fixed Scope Multicast 1. Interface-Local a. ff01::1 - All Nodes (interface-local scope) b. ff01::2 - All Routers (interface-local scope) 2. Link-Local a. ff02::1 - All Nodes on the link b. ff02::2 - All Routers on the link c. ff02::3 - Unassigned d. ff02::4 - DVMRP Routers e. ff02::5 - OSPFIGP Routers f. ff02::6 - OSPFIGP Designated Routers g. ff02::7 - ST Routers
Types of IPv6 addresses h. ff02::8 - ST Hosts i. ff02::9 - RIP Routers j. ff02::A - EIGRP Routers k. ff02::B - Mobile-Agents l. ff02::D - All PIM Routers m. ff02::E - RSVP-ENCAPSULATION n. ff02::16 – All MLDv2-capable routers o. ff02::6A – All Snoopers p. ff02::1:1 - Link Name q. ff02::1:2 - All-dhcp-agents (DHCPv6 servers and relays on the link) r. ff02::1:FFXX:XXXX - Solicited-Node address (XX:XXXX are the low 24 bits of the unicast or anycast address)
Types of IPv6 addresses 3. Site-Local scope (ff05::) a. ff05::2 – All Routers in the site b. ff05::1:3 – All DHCP servers in the site c. ff05::1:4 – Deprecated d. ff05::1:1000 to ff05::1:13ff – Service Location Protocol (SLP) Version 2. The addresses on the following slides carry the service in the Group ID and the scope in the fourth hex digit (the x in ff0x); for example, ff02::101 means the NTP servers on the local link and ff05::101 the NTP servers in the site. The Group ID can be subdivided further.
Types of IPv6 addresses C. Permanently assigned multicast addresses independent of scope (x is the scope) 1. ff0x:: - Reserved 2. ff0x::101 - Network Time Protocol 3. ff0x::102 - SGI-Dogfight 4. ff0x::103 - Rwhod 5. ff0x::104 - VNP 6. ff0x::105 - Artificial Horizons – Aviator 7. ff0x::106 - NSS – Name Service Server 8. ff0x::107 - AUDIONEWS – Audio News Multicast 9. ff0x::108 - SUN NIS+ Information Service 10. ff0x::109 - MTP Multicast Transport Protocol
Types of IPv6 addresses 11. ff0x::10A - IETF-1-LOW-AUDIO 12. ff0x::10B - IETF-1-AUDIO 13. ff0x::10C - IETF-1-VIDEO 14. ff0x::10D - IETF-2-LOW-AUDIO 15. ff0x::10E - IETF-2-AUDIO 16. ff0x::10F - IETF-2-VIDEO 17. ff0x::110 - MUSIC-SERVICE 18. ff0x::111 - SEANET-TELEMETRY 19. ff0x::112 - SEANET-IMAGE 20. ff0x::113 - MLOADD 21. ff0x::114 - Any private experiment 22. ff0x::115 - DVMRP on MOSPF 23. ff0x::116 - SVRLOC
Types of IPv6 addresses 24. ff0x::117 - XINGTV 25. ff0x::118 - microsoft-ds 26. ff0x::119 - nbc-pro 27. ff0x::11A - nbc-pfn 28. ff0x::11B - lmsc-calren-1 29. ff0x::11C - lmsc-calren-2 30. ff0x::11D - lmsc-calren-3 31. ff0x::11E - lmsc-calren-4 32. ff0x::11F - ampr-info 33. ff0x::120 - mtrace 34. ff0x::121 - RSVP-encap-1 35. ff0x::122 - RSVP-encap-2 36. ff0x::123 - SVRLOC-DA 37. ff0x::124 - rln-server 38. ff0x::125 - proshare-mc
Types of IPv6 addresses 39. ff0x::126 - dantz 40. ff0x::127 - cisco-rp-announce 41. ff0x::128 - cisco-rp-discovery 42. ff0x::129 - gatekeeper 43. ff0x::12A - iberiagames 44. ff0x::201 - "rwho" Group (BSD) (unofficial) 45. ff0x::2:0000 to ff0x::2:7ffd - Multimedia Conference Calls 46. ff0x::2:7ffe - SAPv1 Announcements 47. ff0x::2:7fff - SAPv0 Announcements 48. ff0x::2:8000 to ff0x::2:ffff - SAP Dynamic Assignments
Types of IPv6 addresses III. Anycast addresses A. A cross between unicast and multicast: taken from the unicast address space but assigned to more than one interface. B. The group of interfaces is usually on separate nodes. C. A packet sent to an anycast address is delivered to the nearest of those interfaces, as measured by the routing protocol's distance metric. D. Used for the subnet-router anycast address (all routers on a subnet) and by Mobile IPv6 for home-agent discovery. IV. Zones A. A network address can be assigned a scope zone. B. A link-local zone is made up of all network interfaces connected to one link, so the same link-local address can legitimately appear on several links of a multi-homed node. C. Addresses are unique within a zone. D. A zone index suffix on the address identifies the zone. Example: fe80::884:e09:d546:aa5b%10 (Windows uses the interface index; Linux and BSD use the interface name, e.g. %eth0)
Types of IPv6 addresses V. Special A. Unspecified – 0:0:0:0:0:0:0:0 or :: B. Loopback - 0:0:0:0:0:0:0:1 or ::1 C. IPv4-compatible addresses - ::/96 (deprecated by RFC 4291; written ::a.b.c.d) D. IPv4-mapped addresses - ::ffff:0:0/96 (written ::ffff:a.b.c.d), used by dual-stack sockets to represent IPv4 peers 1. Both forms put the IPv4 address into the low-order 32 bits of the IPv6 address 2. Example of the mixed notation: 0:0:0:0:0:0:192.168.100.1, i.e. ::192.168.100.1 E. 6to4 Prefix of 2002::/16; the next 32 bits are the site's public IPv4 address F. ISATAP (RFC 5214): the interface ID ends in 5efe:a.b.c.d, embedding the IPv4 address G. Teredo Prefix of 2001::/32 (RFC 4380); the address embeds the Teredo server and the client's public IPv4 address and UDP port
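The embedded-IPv4 forms above matter for access control: a filter or log search keyed on IPv4 literals does not match ::ffff:192.0.2.1, a 2002:c000:201::/48 host or a Teredo address, even though each one names an IPv4 host. The following Python decodes those forms and applies an IPv4 deny list to them. It is an added example, not part of the presentation: the prefixes are the ones on the slide plus the IPv4-mapped range from RFC 4291, the Teredo field layout is from RFC 4380, the function names are mine, and the addresses used in the usage note and tests are constructed from documentation ranges.

```python
import ipaddress

# Prefixes from the slide, plus the IPv4-mapped range (RFC 4291 section 2.5.5).
IPV4_COMPATIBLE = ipaddress.ip_network("::/96")        # deprecated, ::a.b.c.d
IPV4_MAPPED = ipaddress.ip_network("::ffff:0:0/96")    # ::ffff:a.b.c.d
SIX_TO_FOUR = ipaddress.ip_network("2002::/16")        # RFC 3056
TEREDO = ipaddress.ip_network("2001::/32")             # RFC 4380
UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")        # RFC 4193


def classify(text):
    """Return (kind, details) for an IPv6 address.

    details carries any IPv4 address embedded in it: the mapped or compatible
    address, the 6to4 site address (bits 16-47), or for Teredo the server
    (bits 32-63), flags, and the client's public address and UDP port, which
    RFC 4380 stores XORed with all-ones in bits 96-127 and 80-95.
    """
    addr = ipaddress.IPv6Address(text)
    raw = addr.packed                          # 16 bytes, network byte order
    if addr == ipaddress.IPv6Address("::"):
        return "unspecified", {}
    if addr == ipaddress.IPv6Address("::1"):
        return "loopback", {}
    if addr in IPV4_MAPPED:
        return "ipv4-mapped", {"ipv4": str(ipaddress.IPv4Address(raw[12:]))}
    if addr in IPV4_COMPATIBLE:
        return "ipv4-compatible", {"ipv4": str(ipaddress.IPv4Address(raw[12:]))}
    if addr in SIX_TO_FOUR:
        return "6to4", {"ipv4": str(ipaddress.IPv4Address(raw[2:6]))}
    if addr in TEREDO:
        return "teredo", {
            "server": str(ipaddress.IPv4Address(raw[4:8])),
            "flags": int.from_bytes(raw[8:10], "big"),
            "port": int.from_bytes(raw[10:12], "big") ^ 0xFFFF,
            "client": str(ipaddress.IPv4Address(bytes(b ^ 0xFF for b in raw[12:16]))),
        }
    if addr.is_link_local:
        return "link-local", {}
    if addr in UNIQUE_LOCAL:
        return "unique-local", {}
    if addr.is_multicast:
        return "multicast", {}
    return "global-unicast", {}


def effective_ipv4(text):
    """The IPv4 host an IPv6 address really stands for, or None.

    For Teredo the relevant identity is the client's public address, not the
    Teredo server's, so a block list is checked against the client.
    """
    kind, details = classify(text)
    if kind == "teredo":
        return details["client"]
    return details.get("ipv4")


def ipv4_policy_allows(text, blocked_v4):
    """Apply IPv4 deny rules (CIDR strings) to IPv6 traffic carrying an IPv4 identity."""
    embedded = effective_ipv4(text)
    if embedded is None:
        return True
    v4 = ipaddress.IPv4Address(embedded)
    return not any(v4 in ipaddress.ip_network(rule) for rule in blocked_v4)


if __name__ == "__main__":
    # Constructed addresses: documentation ranges and the RFC 4380 Teredo layout.
    for a in ("::ffff:192.0.2.1", "2002:c000:201::1",
              "2001:0:4136:e378:8000:63bf:3fff:fdd2", "fe80::884:e09:d546:aa5b"):
        print(a, classify(a), "blocked" if not ipv4_policy_allows(a, ["192.0.2.0/24"]) else "ok")
```

The standard library exposes the same decoding as the ipv4_mapped, sixtofour and teredo attributes of IPv6Address; the hand-written version shows where each field lives so that the same logic can be ported to a packet filter.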
ADDRESSES REQUIRED (RFC 4291 section 2.8) I. Each host must recognize A. Its link-local address for each interface B. Any assigned unicast and anycast addresses C. The loopback address D. The all-nodes multicast addresses (ff01::1 and ff02::1) E. The solicited-node multicast address for each of its assigned unicast and anycast addresses F. The multicast addresses of all other groups the host belongs to II. Each router must recognize A. All of the above B. The subnet-router anycast address for each interface on which it acts as a router C. All other anycast addresses it has been configured with D. The all-routers multicast addresses (ff01::2, ff02::2 and ff05::2) E. The multicast addresses of all other groups the router belongs to
IPv6 in Ethernet (RFC 2464) I. IPv6 link-local address for an Ethernet interface A. Interface Identifier 1. Based on the EUI-64 identifier a. Can be made from a MAC-48 or EUI-48 address - The OUI (first 3 octets) becomes the company_id - FF-FE is inserted as the 4th and 5th octets Example: 34-56-78-9A-BC-DE becomes 34-56-78-FF-FE-9A-BC-DE 2. The Universal/Local (U/L) bit, bit 0x02 of the first octet, is then inverted: 0 becomes 1, so the example becomes 36-56-78-FF-FE-9A-BC-DE. In a MAC address 0 means universally administered; the modified EUI-64 flips the sense so that 1 means universal and manually chosen identifiers such as ::1 keep their simple form. B. The Interface Identifier is then appended to FE80::/64 Diagram: 10 bits 54 bits 64 bits +-------------------+-------------------------------+-------------------------------------+ | 1111111010 | (Zeros) | Interface Identifier | +-------------------+-------------------------------+-------------------------------------+
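The EUI-64 transformation from this slide, worked in both directions in Python. This is an added example, not from the presentation: the MAC address is the slide's own, the second address is the slide's earlier random-looking example, and the function names are mine. The reverse direction is the security-relevant part: anyone who sees an EUI-64-derived address (a web server logging clients, a passive observer on any network the laptop visits) learns the hardware address and the vendor OUI, and can recognise the same host wherever it appears, which is why RFC 4941 privacy extensions and RFC 7217 stable opaque interface IDs exist.

```python
import ipaddress


def mac_to_modified_eui64(mac):
    """MAC-48 -> modified EUI-64 interface identifier (RFC 4291 Appendix A).

    Insert ff:fe between the OUI and the device part, then flip bit 0x02 of the
    first octet (the universal/local bit, inverted so that 1 means 'universal').
    """
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    if octets[0] & 0x01:
        raise ValueError("group (multicast) MAC addresses cannot form an interface ID")
    eui64 = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui64[0] ^= 0x02
    return bytes(eui64)


def link_local_from_mac(mac):
    """fe80::/64 plus the modified EUI-64, as stateless autoconfiguration forms it."""
    prefix = bytes.fromhex("fe80" + "00" * 6)          # fe80:0000:0000:0000
    return ipaddress.IPv6Address(prefix + mac_to_modified_eui64(mac))


def mac_from_address(addr):
    """Recover the MAC embedded in an EUI-64-derived IPv6 address, or None.

    Only addresses with ff:fe in the middle of the interface ID qualify; random
    (RFC 4941) and RFC 7217 identifiers leak nothing here.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    first = iid[0] ^ 0x02                               # undo the U/L inversion
    mac = bytes([first]) + iid[1:3] + iid[5:8]
    return ":".join("%02x" % b for b in mac)


if __name__ == "__main__":
    print(link_local_from_mac("34-56-78-9A-BC-DE"))    # the slide's example MAC
    print(mac_from_address("fe80::3656:78ff:fe9a:bcde"))
    print(mac_from_address("fe80::884:e09:d546:aa5b"))  # random IID: nothing to recover
```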
IPv6 in Ethernet (RFC 2464) II. Ethernet Frame A. Ethernet Header 1. Destination Ethernet address 2. Source Ethernet address 3. Ethernet type code – must be 0x86DD B. Data Field 1. IPv6 Header 2. Payload III. MTU The default Ethernet MTU is 1500 octets; IPv6 requires every link to carry at least 1280 octets, and a Router Advertisement MTU option can lower the value used on the link
IPV6 HEADER EXPLAINED I. Fixed 40-byte header at the start of every packet. II. Fields A. Version (4 bits) Has the number 6 B. Traffic Class/Packet Priority (8 bits) 1. Used by the source node and routers to mark and prioritise traffic (DSCP and ECN) 2. Replaces the Type of Service field in IPv4 C. Flow Label/Flow Management (20 bits) 1. A flow is identified by the source address together with a non-zero flow label 2. How to treat the flow may be carried in the packets themselves or signalled separately with RSVP (Resource Reservation Protocol) D. Payload Length in bytes (16 bits) 1. Unlike the IPv4 Total Length, it does not include the 40-byte IPv6 header itself 2. Extension headers are included in the value 3. Length of everything that follows the fixed header 4. Upper limit 65,535 bytes 5. A value of 0 indicates a jumbogram, whose real length is carried in a Hop-by-Hop option
IPV6 HEADER EXPLAINED E. Next Header (8 bits) 1. Corresponds to the Protocol field in IPv4 2. Type of the header following this one 3. Usually a transport-layer protocol 4. Two most common values a. TCP – 6 b. UDP – 17 (ICMPv6 is 58) 5. If extension headers are used, this is the type of the first extension header; each extension header in turn names the one after it F. Hop Limit (8 bits) 1. Replaces the TTL field in IPv4 2. Decremented by 1 by each router; the packet is discarded, and an ICMPv6 Time Exceeded sent, when it reaches 0 3. 255 max G. Source address (128 bits) H. Destination address (128 bits)
EXTENSION HEADERS I. Explanation A. Inserted only if needed; there can be zero or more. B. RFC 2460 C. Placed between the IPv6 header and the upper-layer protocol header, each one's Next Header field pointing to the one after it. D. Examined only by the destination (or by every member of the destination multicast group). Exception: Hop-by-Hop Options are examined by each node in the path. II. Extension Headers in the order they would appear A. Hop-by-Hop Options 1. Next Header 2. Header Extension Length 3. Options a. Jumbo Payload - If the Payload Length in the IPv6 header is 0, the Hop-by-Hop Options header is examined. - If the option type is 194 (0xC2), there is a Jumbo Payload; its 32-bit value is the real payload length. - Supports packets between 65,536 and 4,294,967,295 bytes (RFC 2675) b. Router Alert (option type 5) Tells routers to look inside a packet that is not addressed to them (used by MLD and RSVP); ordinary packets are forwarded without inspection. Because every node on the path must process this header, it is a cheap way to push a router onto its slow path and is commonly rate-limited or filtered at the edge.
EXTENSION HEADERS B. Routing 1. Lists intermediate nodes the packet must visit on the way to its destination 2. Fields a. Next Header b. Header Extension Length c. Routing Type d. Segments Left e. Type-Specific Data 3. The preceding header carries 43 in its Next Header field 4. Routing Type 0 (an arbitrary list of addresses, the IPv6 form of source routing) was deprecated by RFC 5095 in 2007 because a packet could be bounced between two hosts many times, amplifying traffic and bypassing address-based filters; hosts must no longer process it. Type 2 is used by Mobile IPv6. 6to4 (prefix 2002::/16) does not use a Routing header: it encapsulates IPv6 in IPv4 (protocol 41).
EXTENSION HEADERS C. Fragment 1. Only the source host fragments in IPv6: it uses Path MTU Discovery to learn whether a packet is too large for the path and splits it if so. Routers fragmented in IPv4; an IPv6 router drops an oversized packet and sends ICMPv6 Packet Too Big instead. Reassembly is done at the destination. 2. The preceding header carries 44 in its Next Header field. 3. Fields a. Next Header b. Reserved (8 bits) c. Fragment Offset (13 bits, in 8-octet units) d. Reserved (2 bits) e. M flag (1 bit) 1: more fragments follow 0: last fragment f. Identification (32 bits) 4. Every fragment repeats the unfragmentable part of the original (the IPv6 header plus any extension headers that nodes on the path need), then the Fragment header, then its slice of the fragmentable part; only the first fragment carries the upper-layer header. 5. If the remaining fragments have not arrived within 60 seconds of the first, the partial packet is discarded and, if the first fragment was received, a Time Exceeded (code 1) is sent to the source.
EXTENSION HEADERS D. Destination Options 1. Examined by the destination only. 2. The previous header carries 60 in its Next Header field. 3. Can appear twice in an IPv6 packet. a. Before a Routing header, it carries options for each destination listed in that header. b. Before the upper-layer header, it carries options for the final destination only. 4. Fields a. Next Header b. Header Extension Length c. Options
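The fixed header and the extension-header chain described on the preceding slides, parsed in Python. This is an added example, not from the presentation: it walks the chain using the length rules from RFC 2460 (and the AH rule from RFC 4302), pulls out the Jumbo Payload option from RFC 2675, and reports the conditions a packet filter should treat as anomalies rather than pass silently: a Hop-by-Hop header that is not first, a non-initial fragment (whose transport header is in another packet, a classic way to slip past port-based filtering), and a declared payload length that disagrees with the bytes on the wire. The three sample packets are constructed from documentation addresses; the names are mine.

```python
import ipaddress
import struct

EXT_HEADERS = {0: "Hop-by-Hop Options", 43: "Routing", 44: "Fragment", 50: "ESP",
               51: "AH", 60: "Destination Options", 135: "Mobility"}
UPPER_LAYER = {6: "TCP", 17: "UDP", 58: "ICMPv6", 59: "No Next Header"}
JUMBO_PAYLOAD = 0xC2   # Hop-by-Hop option type 194 (RFC 2675)


def iter_options(area):
    """Yield (type, value) from a Hop-by-Hop or Destination options area.
    Pad1 (type 0) is a single octet; every other option is type, length, value."""
    i = 0
    while i < len(area):
        if area[i] == 0:
            i += 1
            continue
        if i + 2 > len(area) or i + 2 + area[i + 1] > len(area):
            raise ValueError("truncated option")
        yield area[i], area[i + 2:i + 2 + area[i + 1]]
        i += 2 + area[i + 1]


def parse_ipv6(packet):
    """Decode the fixed header, walk the extension-header chain, collect anomalies."""
    if len(packet) < 40:
        raise ValueError("shorter than the 40-byte fixed header")
    word0, payload_len, next_hdr, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word0 >> 28 != 6:
        raise ValueError("version field is not 6")
    r = {"traffic_class": (word0 >> 20) & 0xFF, "flow_label": word0 & 0xFFFFF,
         "payload_length": payload_len, "hop_limit": hop_limit,
         "src": str(ipaddress.IPv6Address(packet[8:24])),
         "dst": str(ipaddress.IPv6Address(packet[24:40])),
         "chain": [], "fragment": None, "jumbo_payload_length": None, "anomalies": []}
    offset = 40
    while next_hdr in EXT_HEADERS:
        r["chain"].append(EXT_HEADERS[next_hdr])
        if next_hdr == 50:                       # ESP: everything after it is ciphertext
            break
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        nh, ext_len = packet[offset], packet[offset + 1]
        if next_hdr == 44:                       # Fragment header is always 8 octets
            hdr_len = 8
            off_flags, ident = struct.unpack("!HI", packet[offset + 2:offset + 8])
            r["fragment"] = {"offset": (off_flags >> 3) * 8,
                             "more": bool(off_flags & 1), "id": ident}
        elif next_hdr == 51:                     # AH: length in 32-bit words, minus 2
            hdr_len = (ext_len + 2) * 4
        else:                                    # others: 8-octet units, first not counted
            hdr_len = (ext_len + 1) * 8
        if offset + hdr_len > len(packet):
            raise ValueError("truncated extension header")
        if next_hdr == 0:
            if offset != 40:
                r["anomalies"].append("Hop-by-Hop header not directly after the IPv6 header")
            for opt_type, value in iter_options(packet[offset + 2:offset + hdr_len]):
                if opt_type == JUMBO_PAYLOAD and len(value) == 4:
                    r["jumbo_payload_length"] = struct.unpack("!I", value)[0]
        offset += hdr_len
        next_hdr = nh
        if r["fragment"] and r["fragment"]["offset"] > 0:
            break                                # non-initial fragment: chain continues elsewhere
    r["next_header"] = next_hdr
    r["upper_layer"] = UPPER_LAYER.get(next_hdr, "protocol %d" % next_hdr)
    r["upper_layer_present"] = r["fragment"] is None or r["fragment"]["offset"] == 0
    if not r["upper_layer_present"]:
        r["anomalies"].append("non-initial fragment: transport header is not in this packet")
    declared = payload_len if payload_len else (r["jumbo_payload_length"] or 0)
    if declared != len(packet) - 40:
        r["anomalies"].append("declared payload %d but %d bytes present" % (declared, len(packet) - 40))
    return r


def build_packet(src, dst, next_hdr, payload, payload_len=None):
    """Constructed sample packet: 40-byte fixed header followed by the given bytes."""
    length = len(payload) if payload_len is None else payload_len
    return (struct.pack("!IHBB", 6 << 28, length, next_hdr, 64)
            + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + payload)


# Constructed test packets (documentation addresses; the ICMPv6 checksum is left at zero).
SRC, DST = "2001:db8::1", "2001:db8::2"
ECHO_REQUEST = bytes([128, 0, 0, 0, 0, 1, 0, 1]) + b"8bytes!!"
HBH_PADN = bytes([44, 0, 1, 4, 0, 0, 0, 0])                                # next = Fragment; one PadN
FRAG_FIRST = bytes([58, 0]) + struct.pack("!HI", (0 << 3) | 1, 0x12345678)  # offset 0, M = 1
FRAG_LATER = bytes([58, 0]) + struct.pack("!HI", (1 << 3) | 0, 0x12345678)  # offset 8, M = 0
HBH_JUMBO = bytes([59, 0, JUMBO_PAYLOAD, 4]) + struct.pack("!I", 65536)    # claims a 64 KiB payload
SAMPLES = {"first_fragment": build_packet(SRC, DST, 0, HBH_PADN + FRAG_FIRST + ECHO_REQUEST),
           "later_fragment": build_packet(SRC, DST, 44, FRAG_LATER + b"A" * 8),
           "jumbo_claim": build_packet(SRC, DST, 0, HBH_JUMBO, payload_len=0)}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, parse_ipv6(pkt))
```

The first sample is a well-formed first fragment carrying an ICMPv6 echo; the second is the follow-on fragment, which names ICMPv6 as the next header but does not contain it; the third is a jumbogram claim on a 48-byte packet, the kind of mismatch a filter must check before trusting the option value.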
ICMPv6 (Internet Control Message Protocol for IPv6, RFC 4443) I. The basics A. Takes over what ICMP, ARP (through Neighbor Discovery) and IGMP (Internet Group Management Protocol, through Multicast Listener Discovery) did in IPv4. B. An IPv6 header and zero or more extension headers precede the message. C. The preceding header's Next Header field is 58 for an ICMPv6 message
ICMPv6 II. Four error message categories A. Destination unreachable: 1 B. Packet too big: 2 C. Time exceeded: 3 1. 0 – Hop limit exceeded 2. 1 – Fragment reassembly time exceeded D. Parameter problems: 4
ICMPv6 III. Information Messages A. Echo Request: 128 (Ping) B. Echo Reply: 129 (Ping) C. Multicast Listener Query: 130 D. Multicast Listener Report: 131 E. Multicast Listener Done: 132 F. Router Solicitation: 133 G. Router Advertisement: 134 H. Neighbor Solicitation: 135 I. Neighbor Advertisement: 136 J. Redirect Message: 137 K. Router Renumbering: 138 L. ICMP Node Information Query: 139 M. ICMP Node Information Response: 140 N. Inverse ND Solicitation: 141 O. Inverse ND Adv Message: 142 P. Version 2 Multicast Listener Report: 143
ICMPv6 III. Information Messages (continued) Q. ICMP Home Agent Address Discovery Request Message: 144 R. ICMP Home Agent Address Discovery Reply Message: 145 S. ICMP Mobile Prefix Solicitation Message: 146 T. ICMP Mobile Prefix Advertisement Message: 147 U. Certification Path Solicitation Message: 148 (SEND) V. Certification Path Advertisement Message: 149 (SEND) W. Multicast Router Advertisement: 151 X. Multicast Router Solicitation: 152 Y. Multicast Router Termination: 153
ICMPv6 IV. Fields A. Type (8 bits) 1. Error message if the high-order bit is zero (types 0 to 127) 2. Informational message if the high-order bit is one (types 128 to 255) B. Code (8 bits) Depends on the message type C. Checksum (16 bits) Computed over the message and an IPv6 pseudo-header (source address, destination address, length, Next Header 58), so it also catches misdelivered messages D. Message body In an error message it carries as much of the offending packet as fits without the error message exceeding the minimum IPv6 MTU of 1280 bytes
Neighbor Discovery (RFC 2461; updated by RFC 4861 in 2007) I. Basics Combines the functions of ARP, ICMP Router Discovery and ICMP Redirect in IPv4 II. Nodes use ND for A. Address autoconfiguration B. Learning network prefixes, routes and other configuration C. Duplicate address detection D. Finding the layer-2 addresses of nodes on the same link E. Finding neighboring routers to forward their packets F. Keeping track of which neighbors are still reachable G. Noticing link-layer address changes
Neighbor Discovery(RFC 2461) III. Improvements over the IPv4 protocols that ND replaces A. Router discovery is part of the base protocol B. Router Advertisements carry the router's link-layer address, so no separate address resolution is needed to reach it C. Router Advertisements carry the prefix for the link (subnet) D. Easier process to renumber networks E. Router Advertisements enable stateless address autoconfiguration and tell hosts when to use stateful configuration (DHCPv6) F. Routers use it to announce the MTU for the link G. Multiple prefixes can be given either by the router or through Redirect messages H. Neighbor Unreachability Detection I. Router Advertisements and Redirects use link-local addresses to identify routers, so they stay valid when the site is renumbered J. ND messages are sent with a hop limit of 255 and discarded if received with a lower value, which proves they were not forwarded by a router K. IPsec AH and other security functions can in principle protect ND messages; SEND is the practical option
Neighbor Discovery(RFC 2461) IV. Five ICMPv6 messages for ND A. Router Solicitation and Router Advertisement 1. Hosts send a Router Solicitation message (to ff02::2) and routers respond with a Router Advertisement; routers also send unsolicited advertisements periodically 2. Optional extension to the Router Advertisement (Route Information option, RFC 4191) a. Used by routers to indicate their preference and more specific routes b. Allows a host to pick a better router for a given destination 3. Options in a Router Advertisement a. Source link-layer address b. MTU size c. Prefix information for stateless autoconfiguration
Neighbor Discovery(RFC 2461) B. Neighbor Solicitation and Neighbor Advertisement Two functions for this pair 1. Link-layer address resolution (and duplicate address detection) 2. Neighbor Unreachability Detection C. ICMP Redirect Message 1. Used by routers to tell a node of a better first-hop node on the way to a destination. 2. Can also inform the node that the destination is itself a neighbor on the same link rather than behind a router.
Neighbor Discovery(RFC 2461) V. Inverse Neighbor Discovery A. An extension to ND. B. Originally designed for Frame Relay networks. C. RFC 3122 D. Has two messages 1. IND Solicitation 2. IND Advertisement E. Similar to Reverse ARP F. Same format as ND messages, but with additional options G. The Process 1. A node knows an interface's link-layer address and wants its IPv6 address(es). 2. It sends an IND Solicitation whose IPv6 destination is the all-nodes multicast address. 3. At the link layer the message is sent directly to the known link-layer address. 4. The target replies with an IND Advertisement carrying a Target Address List option. 5. If the list is too big for one message, it sends several IND Advertisements.
Neighbor Discovery(RFC 2461) VI. Secure Neighbor Discovery (SEND) A. Scenario: any node on the link can claim to be a default router by sending forged Router Advertisement messages, or answer Neighbor Solicitations with a forged link-layer address; plain ND has no way to tell. B. RFC 3971 C. Components 1. Certification Path Solicitation and Advertisement messages (ICMPv6 types 148 and 149), through which a host checks that a router's certificate chains to a configured trust anchor 2. Cryptographically Generated Addresses (RFC 3972): the interface ID is a hash of the node's public key, so the node can prove it owns the address by signing with the matching private key 3. Additional ND options a. CGA b. RSA Signature c. Timestamp d. Nonce (the last two prevent replay) D. Cannot protect 1. Statically configured addresses 2. Addresses whose interface ID is a fixed identifier such as a modified EUI-64; the address must be a CGA for the signature to bind it
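The Cryptographically Generated Address mechanism that SEND rests on is small enough to show in full. The following Python is an added example, not from the presentation: it implements RFC 3972 generation and verification with SHA-1, as that RFC specifies, including the Sec parameter that makes brute-forcing a matching key 2^(16*Sec) times harder. The public key is a constructed placeholder byte string standing in for the DER-encoded key a real node would hash, the prefix is a documentation prefix, and the function names are mine.

```python
import hashlib
import ipaddress
import os

# Constructed stand-in for a DER-encoded SubjectPublicKeyInfo. Any bytes work for
# the hash; a real node hashes its actual RSA public key so the CGA binds to it.
PUBLIC_KEY = b"\x30\x5c\x30\x0d\x06\x09constructed-placeholder-public-key"


def _prefix_bytes(prefix):
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("a CGA needs a 64-bit subnet prefix")
    return net.network_address.packed[:8]


def _hash1(modifier, prefix8, collision_count, pubkey):
    """Leftmost 64 bits of SHA-1(modifier | prefix | collision count | key)."""
    return hashlib.sha1(modifier + prefix8 + bytes([collision_count]) + pubkey).digest()[:8]


def _hash2_ok(modifier, pubkey, sec):
    """Hash2 = SHA-1(modifier | 9 zero octets | key); its leftmost 16*Sec bits must be zero."""
    if sec == 0:
        return True
    h = int.from_bytes(hashlib.sha1(modifier + b"\x00" * 9 + pubkey).digest()[:14], "big")
    return h >> (112 - 16 * sec) == 0


def generate_cga(prefix, pubkey, sec=0, modifier=None):
    """RFC 3972 section 4. Returns (address, parameters a verifier needs)."""
    if not 0 <= sec <= 7:
        raise ValueError("Sec is a 3-bit value")
    prefix8 = _prefix_bytes(prefix)
    modifier = os.urandom(16) if modifier is None else modifier
    while not _hash2_ok(modifier, pubkey, sec):          # step 2: search for a modifier
        modifier = ((int.from_bytes(modifier, "big") + 1) % (1 << 128)).to_bytes(16, "big")
    collision_count = 0        # incremented (at most to 2) if DAD finds the address in use
    iid = bytearray(_hash1(modifier, prefix8, collision_count, pubkey))
    iid[0] = (iid[0] & 0x1C) | (sec << 5)   # bits 0-2 carry Sec; u and g bits (6, 7) cleared
    address = ipaddress.IPv6Address(prefix8 + bytes(iid))
    return str(address), {"modifier": modifier, "prefix": prefix,
                          "collision_count": collision_count, "public_key": pubkey}


def verify_cga(address, params):
    """RFC 3972 section 5: does this address really belong to this key and parameters?"""
    packed = ipaddress.IPv6Address(address).packed
    if params["collision_count"] > 2:
        return False
    if packed[:8] != _prefix_bytes(params["prefix"]):
        return False
    sec = packed[8] >> 5
    expected = bytearray(_hash1(params["modifier"], packed[:8],
                                params["collision_count"], params["public_key"]))
    actual = bytearray(packed[8:])
    expected[0] &= 0x1C          # compare ignoring the Sec, u and g bits
    actual[0] &= 0x1C
    if bytes(expected) != bytes(actual):
        return False
    return _hash2_ok(params["modifier"], params["public_key"], sec)


def cga_sec(address):
    """The Sec value a CGA advertises in the top three bits of its interface ID."""
    return ipaddress.IPv6Address(address).packed[8] >> 5


if __name__ == "__main__":
    addr, params = generate_cga("2001:db8:1:2::/64", PUBLIC_KEY, sec=1)
    print(addr, "sec", cga_sec(addr), "verifies:", verify_cga(addr, params))
    print("wrong key verifies:", verify_cga(addr, dict(params, public_key=PUBLIC_KEY + b"x")))
```

A SEND node sends the modifier, prefix, collision count and key in the CGA option and an RSA signature over the message; the receiver runs verify_cga and then checks the signature, so an attacker cannot advertise someone else's address without first finding a key whose hash matches it.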
Neighbor Discovery(RFC 2461) VII. Link-Layer Address Resolution A. When a node has an IPv6 address and wants the corresponding link-layer address (ARP in IPv4). B. For nodes on the same link. C. A Neighbor Solicitation message is sent to the solicited-node multicast address of the neighbor (ff02::1:ffXX:XXXX), so only hosts whose address shares those low 24 bits need to process it; the message carries the sender's own link-layer address as an option. D. If the target is reachable, it replies with a Neighbor Advertisement carrying its link-layer address. Without SEND, nothing stops another node on the link from answering with a forged address, the IPv6 counterpart of ARP spoofing.
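The address resolution exchange on this slide, worked in Python: the solicited-node multicast address and its Ethernet mapping, a Neighbor Solicitation carrying the source link-layer address option, the Neighbor Advertisement that answers it, and the ICMPv6 checksum over the pseudo-header that both need. This is an added example, not from the presentation; the link-local address is the one derived on the Ethernet slide, the other addresses and MACs are constructed, and the function names are mine. The flag word in the advertisement is the security-relevant part: with Override set, a receiver replaces whatever link-layer address it had cached for the target, so on a link without SEND any node can send an unsolicited advertisement (S=0, O=1) for the router's address and redirect the victim's traffic through itself.

```python
import ipaddress
import struct

ICMPV6 = 58
NEIGHBOR_SOLICITATION, NEIGHBOR_ADVERTISEMENT = 135, 136
OPT_SOURCE_LLADDR, OPT_TARGET_LLADDR = 1, 2


def solicited_node(target):
    """ff02::1:ffXX:XXXX built from the low 24 bits of the target (RFC 4291 2.7.1)."""
    low24 = ipaddress.IPv6Address(target).packed[13:]
    return str(ipaddress.IPv6Address(bytes.fromhex("ff0200000000000000000001ff") + low24))


def multicast_mac(addr):
    """Ethernet destination for an IPv6 multicast address: 33:33 + low 32 bits (RFC 2464)."""
    low32 = ipaddress.IPv6Address(addr).packed[12:]
    return ":".join("%02x" % b for b in b"\x33\x33" + low32)


def icmpv6_checksum(src, dst, message):
    """One's-complement sum over the pseudo-header (src, dst, length, zeros, 58) and the
    message. Over a message whose checksum field is already filled in, this returns 0."""
    data = (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
            + struct.pack("!I3xB", len(message), ICMPV6) + message)
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def checksum_ok(src, dst, message):
    return icmpv6_checksum(src, dst, message) == 0


def _mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def _finish(src, dst, message):
    """Write the checksum into octets 2-3 and return the wire-ready message."""
    return message[:2] + struct.pack("!H", icmpv6_checksum(src, dst, message)) + message[4:]


def build_neighbor_solicitation(src, src_mac, target):
    """NS for target, sent to its solicited-node group. The source link-layer address
    option (type 1, length 1 = 8 octets) lets the target answer by unicast."""
    dst = solicited_node(target)
    message = (struct.pack("!BBHI", NEIGHBOR_SOLICITATION, 0, 0, 0)   # type, code, csum, reserved
               + ipaddress.IPv6Address(target).packed
               + bytes([OPT_SOURCE_LLADDR, 1]) + _mac_bytes(src_mac))
    return {"src": src, "dst": dst, "dst_mac": multicast_mac(dst),
            "icmpv6": _finish(src, dst, message)}


def build_neighbor_advertisement(src, src_mac, dst, target,
                                 router=False, solicited=True, override=True):
    """NA from the target back to the soliciting node. R, S and O are the three high
    bits of the reserved word; O=1 tells the receiver to overwrite its cached entry."""
    flags = (router << 31) | (solicited << 30) | (override << 29)
    message = (struct.pack("!BBHI", NEIGHBOR_ADVERTISEMENT, 0, 0, flags)
               + ipaddress.IPv6Address(target).packed
               + bytes([OPT_TARGET_LLADDR, 1]) + _mac_bytes(src_mac))
    return {"src": src, "dst": dst, "icmpv6": _finish(src, dst, message)}


def na_flags(message):
    """(router, solicited, override) flags of a Neighbor Advertisement."""
    word = struct.unpack("!I", message[4:8])[0]
    return bool(word & (1 << 31)), bool(word & (1 << 30)), bool(word & (1 << 29))


if __name__ == "__main__":
    target = "fe80::3656:78ff:fe9a:bcde"                  # the Ethernet slide's address
    ns = build_neighbor_solicitation("fe80::1", "00:11:22:33:44:55", target)
    na = build_neighbor_advertisement(target, "34:56:78:9a:bc:de", ns["src"], target)
    print("NS ->", ns["dst"], ns["dst_mac"], ns["icmpv6"].hex())
    print("NA ->", na["dst"], na_flags(na["icmpv6"]), na["icmpv6"].hex())
```

A receiver that validates ND should at least check the checksum, the hop limit of 255 and that the advertised target is one it actually asked about; only SEND's signature ties the advertised link-layer address to an owner of the target address.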
Neighbor Discovery(RFC 2461) VIII. Neighbor Cache and Destination Cache A. Kept on every node B. Neighbor Cache 1. List of neighbors traffic has recently been sent to 2. Keyed by the neighbor's on-link unicast address 3. Entries contain a. The neighbor's link-layer address b. A flag showing whether it is a router or a host c. Whether packets are queued for the neighbor while resolution completes d. The neighbor's reachability state e. The time when the next unreachability detection will occur 4. Possible states a. Incomplete b. Reachable c. Stale d. Delay e. Probe C. Destination Cache 1. Information on local and remote destinations traffic has recently been sent to, mapping each destination to its next hop 2. Updated from ICMP Redirect messages 3. Can also hold path MTU and round-trip timer information
Neighbor Discovery(RFC 2461) IX. Autoconfiguration Prefixes learned from Router Advertisements let a site renumber by advertising the new prefix and deprecating the old one X. MLD (Multicast Listener Discovery, RFC 2710; MLDv2 in RFC 3810) Protocol by which listeners tell routers which multicast addresses they want to receive, so traffic is forwarded only where needed XI. Multicast Router Discovery (RFC 4286) For discovering multicast routers on a link
Auto-Configuration I. Stateless (SLAAC, RFC 4862) A. Good for small businesses and individuals B. Provides addresses built from advertised prefixes; no server keeps a record of which host holds which address II. Stateful DHCPv6 A. Provides addresses and other parameters (DNS servers, domain search list, NTP servers) B. Provides auditing, tracking and management of address allocation
DHCPv6 (RFC 3315) I. Reasons for DHCPv6 A. You have a particular addressing scheme to enforce B. Need dynamic assignment of DNS servers C. Don't want the MAC address embedded in the IPv6 address D. Want to implement dynamic updates to DNS E. Combine it with stateless configuration so it supplies the additional information (stateless DHCPv6, RFC 3736) II. Note The Router Advertisement carries two flags that tell the client whether to use DHCPv6: M (Managed, use DHCPv6 for addresses) and O (Other, use DHCPv6 for other parameters only). III. DHCPv6 uses these multicast addresses A. All_DHCP_Relay_Agents_and_Servers 1. FF02::1:2 2. All DHCP servers and relay agents on the link are in this group 3. Clients use it to reach the DHCP agents; any node on the link can join the group and answer, so a rogue server needs the same countermeasures as in IPv4 B. All_DHCP_Servers address 1. FF05::1:3 2. All DHCP servers in the site are in this group 3. Used by the relays to reach the servers in the site
DHCPv6 (RFC 3315) IV. UDP Ports A. UDP port 546 1. Clients listen on it for DHCP messages 2. Servers and relays use it as the destination port when sending to clients B. UDP port 547 1. Servers and relays listen on it 2. Clients use it as the destination port for servers and relays 3. Relays also use it to reach servers